Eirenliel

Reputation: 345

SSLPeerUnverifiedException: peer not authenticated WITH VALID CERTIFICATE

I have an HTTPS certificate signed by GeoTrust. All browsers open my site fine. My app authorizes through HTTPS, and most of the time everything is OK. But sometimes users can't connect and get this error:

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:126)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:645)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:480)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784)
at org.greencubes.downloader.Downloader.downloadFile(Unknown Source)
at org.greencubes.lil.Launcher.<init>(Unknown Source)
at org.greencubes.lil.Launcher.main(Unknown Source)

The last user had Windows 7 x86 and Java 1.7_45u. It happens on random OSes and random Java updates; I don't know the reason. Sometimes it doesn't happen, but usually if a user has this error nothing helps.

I cannot add the certificate to the user's keystore, as this is a user application.

The target URL is auth.greencubes.org (an empty response must return 403); you can check it.

Upvotes: 4

Views: 1984

Answers (1)

Eirenliel

Reputation: 345

So, I found the problem with the help of one of my users. The problem is that Kaspersky Antivirus (or maybe some other antiviruses/firewalls too, ESET NOD maybe) inspects encrypted connections by replacing SSL certificates, and the default Java keystore has no certificate for the Kaspersky CA (because it is generated on installation of the antivirus).

The first solution is to disable inspecting encrypted connections, or inspecting connections at all (the web-antivirus functionality), or to disable the antivirus.

The right solution is to try to use Windows's KeyStore, where the antivirus's CA certificate was added by the antivirus itself. It can be done by setting a JVM parameter:

-Djavax.net.ssl.trustStoreType=Windows-ROOT

(It must be "Windows-ROOT", not "Windows-MY"!)

Or by executing this code when app starts (in main() function preferable):

System.setProperty("javax.net.ssl.trustStoreType", "Windows-ROOT");

You just need to be sure that it's a Windows system, so the command-line argument is not a general-purpose solution.

This code can be used to be sure that the Windows key store is present and valid:

import java.security.KeyStore;

// Only Windows has the "Windows-ROOT" key store type (the system's Trusted Root CAs);
// on other platforms the JVM default trust store is left alone.
if(System.getProperty("os.name").toLowerCase().contains("windows")) {
    try {
        // Opening the store proves the provider is available and the store loads.
        KeyStore ks = KeyStore.getInstance("Windows-ROOT");
        ks.load(null, null);
        // Must run before the first SSLContext is created, since the default
        // context reads the trust store properties on first use.
        System.setProperty("javax.net.ssl.trustStoreType", "Windows-ROOT");
    } catch(Exception e) {
        // Ignore: Windows keystore is bad, leave the default
    }
}

Upvotes: 1
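A diagnostic an operator can run on an affected machine to confirm the situation the answer describes: it captures the chain the client actually receives, prints who issued the leaf, and reports whether the JVM default store and (on Windows) Windows-ROOT trust it. This is an added example in Java and is not code from the question or the answer. It assumes the host is passed as the first argument (the default `server.example` is a placeholder), checks chain trust only and not the host name, and uses a recording trust manager solely to observe the chain on a socket that is closed immediately after the handshake.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** Diagnostic: which trust store accepts the chain a host presents, and who issued that chain? */
public class TrustStoreDiagnostic {

    /** Trust stores to test, in reporting order. A null KeyStore means the JVM default (cacerts). */
    static Map<String, KeyStore> candidateStores() throws Exception {
        Map<String, KeyStore> stores = new LinkedHashMap<>();
        stores.put("jvm-default", null);
        // Windows-ROOT exists only on Windows; it holds CAs installed by the OS and by
        // local software such as the inspecting antivirus described in the answer above.
        if (System.getProperty("os.name").toLowerCase().contains("windows")) {
            KeyStore win = KeyStore.getInstance("Windows-ROOT");
            win.load(null, null);
            stores.put("Windows-ROOT", win);
        }
        return stores;
    }

    /** Build the PKIX trust manager the JVM would use for the given store (null = default cacerts). */
    static X509TrustManager trustManagerFor(KeyStore store) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    /**
     * Capture the certificate chain presented during a TLS handshake WITHOUT validating it.
     * The recording trust manager accepts anything, so this socket is closed right after the
     * handshake and never carries application data; it exists only to see what arrives.
     */
    static X509Certificate[] fetchChain(String host, int port) throws Exception {
        final X509Certificate[][] captured = new X509Certificate[1][];
        X509TrustManager recorder = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] chain, String authType) { }
            public void checkServerTrusted(X509Certificate[] chain, String authType) { captured[0] = chain; }
            public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { recorder }, null);
        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            socket.startHandshake();
        }
        if (captured[0] == null || captured[0].length == 0) {
            throw new IllegalStateException("handshake completed but no server chain was presented");
        }
        return captured[0];
    }

    /** Returns a store-name -> verdict map: "trusted" or the PKIX error message. */
    static Map<String, String> verdicts(X509Certificate[] chain) throws Exception {
        Map<String, String> result = new LinkedHashMap<>();
        for (Map.Entry<String, KeyStore> e : candidateStores().entrySet()) {
            try {
                // "UNKNOWN" selects JSSE's generic digitalSignature key-usage check instead of the
                // RSA-key-encipherment check tied to authType "RSA", so ECDSA leaves are handled too.
                trustManagerFor(e.getValue()).checkServerTrusted(chain, "UNKNOWN");
                result.put(e.getKey(), "trusted");
            } catch (CertificateException ex) {
                result.put(e.getKey(), "NOT trusted: " + ex.getMessage());
            }
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        // Placeholder host; pass the real server as the first argument.
        String host = args.length > 0 ? args[0] : "server.example";
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;

        X509Certificate[] chain = fetchChain(host, port);
        // If the issuer is not the CA that signed your certificate, something on the client
        // (an inspecting antivirus or proxy) is re-signing the connection with its own CA.
        System.out.println("leaf subject: " + chain[0].getSubjectX500Principal());
        System.out.println("leaf issuer : " + chain[0].getIssuerX500Principal());
        System.out.println("chain length: " + chain.length);
        for (Map.Entry<String, String> v : verdicts(chain).entrySet()) {
            System.out.println(v.getKey() + " -> " + v.getValue());
        }
    }
}
```

Run it as `java TrustStoreDiagnostic <host>` on the user's machine. An issuer you do not recognise together with "jvm-default -> NOT trusted" and "Windows-ROOT -> trusted" is exactly the interception case the answer describes, and switching `javax.net.ssl.trustStoreType` will fix it; if neither store trusts the chain, the interception CA was not installed into the system store either and changing the store type will not help.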
